المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : حل مشكلة الدي ان اس لا يعمل DNS resolution Issues فى الفورتي جيت FortiGate



Rise Company
15-05-2020, 10:55
حل مشكلة الدي ان اس لا يعمل DNS resolution فى الفورتي جيت FortiGate
DNS resolution not working when DNS Server configured to 'Same as Interface IP'
Deny: DNS error - Many entries "Deny:DNS Error" in Forward traffic log
DNS Error on Fortigate - Slow DNS resolution due to DNS Filter
DNS filter - A rating error occurs - all Fortiguard SDNS servers failed to respond
FortiGate DNS queries can fail

https://www.rise.company/forum/images/imported/2020/05/34.jpg

شركة فورتي جيت تنصح بتغيير DNS الاساسى الخاص بها باخر مثل 8.8.8.8

او استخدام Local الخاص بك من Internet Service Provider

حيث الافتراضى هيسبب ضعف و تقطع فى dns فهو غير مخصص للتصفح ولكن له استخدامات اخري

لذا قم بتغييرها ثم هيا بنا نحل مشكلة DNS Error" in Forward traffic log

ان الدى ان اس على Switch Interface على سبيل المثال 192.168.1.1 لا يعطى انترنت اى DNS

حيث انه يجب ان تفعيل DNS Server من داخل الفورتي جيت ثم تسمح لهذا Interface بعمل ايضا DNS



If you do not change your FortiGate unit default DNS configuration, FortiGate-initiated DNS queries can fail.
DNS queries that fail can cause address resolution problems and can also cause the FortiGate unit and FortiGuard AntiSpam to identify legitimate email as spam.


FortiOS on all FortiGate units includes a default DNS configuration. Most users should change this default configuration to avoid DNS lookup failures.

The default FortiGate DNS configuration assists with resolving FortiGuard Service addresses and for other DNS requirements during the installation of your FortiGate unit.








https://www.rise.company/forum/images/imported/2020/05/35.jpg


This article provides a solution to DNS resolution not working
when DNS Server is configured to "Same as Interface IP".



DNS resolution can be seen to fail.



https://www.rise.company/forum/images/imported/2020/05/36.jpg




Solution

Enable the DNS Database Feature.



https://www.rise.company/forum/images/imported/2020/05/37.jpg




Configure a DNS Server for the interface that DNS requests will be sent to.

Set the mode to "Forward to System DNS".



https://www.rise.company/forum/images/imported/2020/05/38.jpg





DNS resolution can now be seen to be successful.

https://www.rise.company/forum/images/imported/2020/05/39.jpg


المرجع:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40580
https://forum.fortinet.com/tm.aspx?m=148090
https://forum.fortinet.com/tm.aspx?m=157701
https://forum.fortinet.com/tm.aspx?m=155134
https://forum.fortinet.com/tm.aspx?m=157361
https://forum.fortinet.com/tm.aspx?m=139287

https://forum.fortinet.com/tm.aspx?m=138190